Bug#583435: rpcbind: Insecure handling of state files

2010-06-03 Thread Chuck Lever
On 06/ 2/10 07:25 AM, Aníbal Monsalve Salazar wrote: On Tue, Jun 01, 2010 at 02:09:07PM +0200, Guillem Jover wrote: Hi! On Thu, 2010-05-27 at 19:09:08 +0200, Guillem Jover wrote: Package: rpcbind Version: 0.2.0-4 Severity: serious Tags: security The rpcbind daemon, which runs as root, uses

Bug#583435: rpcbind: Insecure handling of state files

2010-06-03 Thread Chuck Lever
On 06/ 3/10 05:07 PM, Guillem Jover wrote: On Thu, 2010-06-03 at 16:34:01 -0400, Chuck Lever wrote: On 06/ 3/10 04:27 PM, Guillem Jover wrote: The second problem is that those files get created by the daemon on shutdown, and they *do* follow symlinks. So a user can drop two symlinks there while

Bug#583435: rpcbind: Insecure handling of state files

2010-06-03 Thread Guillem Jover
On Thu, 2010-06-03 at 16:34:01 -0400, Chuck Lever wrote: > On 06/ 3/10 04:27 PM, Guillem Jover wrote: > >The second problem is that those files get created by the daemon on > >shutdown, and they *do* follow symlinks. So a user can drop two > >symlinks > >there while the daemon is running and overwr

Bug#583435: rpcbind: Insecure handling of state files

2010-06-03 Thread Chuck Lever
On 06/ 3/10 04:27 PM, Guillem Jover wrote: Hi! On Thu, 2010-06-03 at 16:07:50 -0400, Chuck Lever wrote: On 06/ 2/10 07:25 AM, Aníbal Monsalve Salazar wrote: On Tue, Jun 01, 2010 at 02:09:07PM +0200, Guillem Jover wrote: On Thu, 2010-05-27 at 19:09:08 +0200, Guillem Jover wrote: Package: rpcb

Bug#583435: rpcbind: Insecure handling of state files

2010-06-03 Thread Guillem Jover
Hi! On Thu, 2010-06-03 at 16:07:50 -0400, Chuck Lever wrote: > On 06/ 2/10 07:25 AM, Aníbal Monsalve Salazar wrote: > > On Tue, Jun 01, 2010 at 02:09:07PM +0200, Guillem Jover wrote: > > > On Thu, 2010-05-27 at 19:09:08 +0200, Guillem Jover wrote: > > > > Package: rpcbind > > > > Version: 0.2.0-4

Bug#583435: rpcbind: Insecure handling of state files

2010-06-02 Thread Aníbal Monsalve Salazar
On Tue, Jun 01, 2010 at 02:09:07PM +0200, Guillem Jover wrote: >Hi! > >On Thu, 2010-05-27 at 19:09:08 +0200, Guillem Jover wrote: >>Package: rpcbind >>Version: 0.2.0-4 >>Severity: serious >>Tags: security > >>The rpcbind daemon, which runs as root, uses /tmp/portmap.xdr and >>/tmp/rpcbind.xdr for d

Bug#583435: rpcbind: Insecure handling of state files

2010-06-01 Thread Guillem Jover
Hi! On Thu, 2010-05-27 at 19:09:08 +0200, Guillem Jover wrote: > Package: rpcbind > Version: 0.2.0-4 > Severity: serious > Tags: security > The rpcbind daemon, which runs as root, uses /tmp/portmap.xdr and > /tmp/rpcbind.xdr for doing warm starts as what seems to be a way to > preserve state betw

Bug#583435: rpcbind: Insecure handling of state files

2010-05-27 Thread Guillem Jover
Package: rpcbind Version: 0.2.0-4 Severity: serious Tags: security Hi! The rpcbind daemon, which runs as root, uses /tmp/portmap.xdr and /tmp/rpcbind.xdr for doing warm starts as what seems to be a way to preserve state between invocations. It parses (through libtirpc) and removes them on start.